Intro to Rootkit Hunter

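RKHunter (Rootkit Hunter) downloads a database of known rootkits, backdoors and exploits and then checks your system against it. It also alerts you if it detects unsafe settings in some common applications. Because the scanner runs on the host it inspects, a clean report from a machine that was already compromised before the first scan is not proof that the machine is clean.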

#!/bin/bash

# Refresh the package index, then apply pending upgrades; the upgrade is
# skipped when the index refresh fails.
# NOTE(review): no sudo here, unlike the rkhunter calls in the function below.
# Presumably the script is meant to be started as root; confirm.
if apt update; then
	apt upgrade -y
fi

# Rootkit Hunter - Scan for Rootkits, backdoors and exploits

# Settings for the daily report mail. Both values are expanded verbatim into
# the generated /etc/cron.daily/rkhunter.sh (subject and recipient of the mail
# command), so fill them in before running and keep them free of quotes and
# shell metacharacters.
SERVER="" # server name shown in the mail subject
EMAIL=""  # recipient address for the rkhunter logs

rkhunter() {
	wget https://downloads.sourceforge.net/project/rkhunter/rkhunter/1.4.4/rkhunter-1.4.4.tar.gz
	tar xf rkhunter-1.4.4.tar.gz
	sudo rkhunter-1.4.4/installer.sh --install # by default it installs in /usr/local/bin (which is in $PATH)

	# confirm install by checking version
	sudo rkhunter --versioncheck

	# Pre-run Updates
	sudo rkhunter --update # update database
	sudo rkhunter --propupd # Before running RKH, fill the file properties database (set baseline file properties so that rkhunter can alert us if any of the essential configuration files it tracks are altered)

	# Scan
	sudo rkhunter --check # scan the entire file system


	# Cron
	touch /etc/cron.daily/rkhunter.sh
	echo -e "#!/bin/sh
(
/usr/local/bin/rkhunter --versioncheck
/usr/local/bin/rkhunter --update
/usr/local/bin/rkhunter --cronjob --report-warnings-only
) | /bin/mail -s 'rkhunter Daily Run (${SERVER})' ${EMAIL}
}" > /etc/cron.daily/rkhunter.sh
	chmod 755 /etc/cron.daily/rkhunter.sh